934e5538341e13807b5a173776e947596814f9dd2fd179e8373d70f2b6170b24

Sharing

Copy URL

Twitter E-mail

General

Target

934e5538341e13807b5a173776e947596814f9dd2fd179e8373d70f2b6170b24
Size

239KB
MD5

d9c64a5e7e3dd6aece2ae1dadba56b8f
SHA1

e898639ea0f46754acd5d9102145e09602341ba7
SHA256

934e5538341e13807b5a173776e947596814f9dd2fd179e8373d70f2b6170b24
SHA512

317bbcbca132cfe33c84628af0765139c3b0c93c6f2f9b7e3047c378b64727eb40087e3a869e9014591cb126d7cf7a7e53e1ae183deab26755dfffdfbc87c097
SSDEEP

3072:L1H4FdrzyEnk9bc+8aN+nfz3yIg6+U8Wozy1WZ:5oXk9b2zfz3hdL8n21W

Score

N/A

Malware Config

Signatures

Files

934e5538341e13807b5a173776e947596814f9dd2fd179e8373d70f2b6170b24
.exe windows x86

97e4c88d93e8bf69b25e1395eece21f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQueryEx
FindActCtxSectionStringA
ActivateActCtx
SetCommConfig
CreateEventA
TerminateProcess
lstrcatA
GetStringTypeExA
GetProcAddress
ExpandEnvironmentStringsA
GetProcessWorkingSetSize
LocalAlloc
_lread
GetModuleHandleA
UpdateResourceW
DeleteFileA
GetProcessHeap
GetTickCount
SetEvent
GetTimeFormatA
SetDefaultCommConfigW
GetNumberOfConsoleMouseButtons
LoadResource
SetEndOfFile
GetNumaHighestNodeNumber
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
TlsGetValue
TlsSetValue
GetModuleHandleW
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW

advapi32

RegDeleteValueW
SetSecurityDescriptorDacl
OpenServiceW
DestroyPrivateObjectSecurity

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 50.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yasuha
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97e4c88d93e8bf69b25e1395eece21f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 105KB - Virtual size: 104KB

.data Size: 4KB - Virtual size: 50.6MB

.tls Size: 40KB - Virtual size: 40KB

.yasuha Size: 10KB - Virtual size: 10KB

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 105KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 50.6MB

.tls
Size: 40KB - Virtual size: 40KB

.yasuha
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 40KB - Virtual size: 40KB